/// <summary> /// Handles the AuthenticateRequest event of the HttpApplication. /// </summary> /// <param name="sender">The source of the event.</param> /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param> private void context_AuthenticateRequest(object sender, EventArgs e) { // Don't read OAuth messages directed at the OAuth controller or else we'll fail nonce checks. if (this.IsOAuthControllerRequest()) { return; } using (var crypto = OAuthResourceServer.CreateRSA()) { var tokenAnalyzer = new SpecialAccessTokenAnalyzer(crypto, crypto); var resourceServer = new ResourceServer(tokenAnalyzer); var context = this.application.Context; Task.Run( async delegate { ProtocolFaultResponseException exception = null; try { IPrincipal principal = await resourceServer.GetPrincipalAsync(new HttpRequestWrapper(context.Request)); context.User = principal; return; } catch (ProtocolFaultResponseException ex) { exception = ex; } var errorResponse = await exception.CreateErrorResponseAsync(CancellationToken.None); await errorResponse.SendAsync(); }).Wait(); } }
protected override bool CheckAccessCore(OperationContext operationContext) { if (!base.CheckAccessCore(operationContext)) { return(false); } var httpDetails = operationContext.RequestContext.RequestMessage.Properties[HttpRequestMessageProperty.Name] as HttpRequestMessageProperty; var requestUri = operationContext.RequestContext.RequestMessage.Properties.Via; return(Task.Run( async delegate { using (var crypto = OAuthResourceServer.CreateRSA()) { var tokenAnalyzer = new SpecialAccessTokenAnalyzer(crypto, crypto); var resourceServer = new ResourceServer(tokenAnalyzer); ProtocolFaultResponseException exception = null; try { IPrincipal principal = await resourceServer.GetPrincipalAsync(httpDetails, requestUri, CancellationToken.None, operationContext.IncomingMessageHeaders.Action); var policy = new OAuthPrincipalAuthorizationPolicy(principal); var policies = new List <IAuthorizationPolicy> { policy, }; var securityContext = new ServiceSecurityContext(policies.AsReadOnly()); if (operationContext.IncomingMessageProperties.Security != null) { operationContext.IncomingMessageProperties.Security.ServiceSecurityContext = securityContext; } else { operationContext.IncomingMessageProperties.Security = new SecurityMessageProperty { ServiceSecurityContext = securityContext, }; } securityContext.AuthorizationContext.Properties["Identities"] = new List <IIdentity> { principal.Identity, }; return true; } catch (ProtocolFaultResponseException ex) { // Return the appropriate unauthorized response to the client. exception = ex; } catch (DotNetOpenAuth.Messaging.ProtocolException /* ex*/) { ////Logger.Error("Error processing OAuth messages.", ex); } var errorResponse = await exception.CreateErrorResponseAsync(CancellationToken.None); await errorResponse.SendAsync(); } return false; }).Result); }
/// <summary> /// Obtains parameters to go into the formulation of an access token. /// </summary> /// <param name="accessTokenRequestMessage">Details regarding the resources that the access token will grant access to, and the identity of the client /// that will receive that access. /// Based on this information the receiving resource server can be determined and the lifetime of the access /// token can be set based on the sensitivity of the resources.</param> /// <returns> /// A non-null parameters instance that DotNetOpenAuth will dispose after it has been used. /// </returns> public AccessTokenResult CreateAccessToken(IAccessTokenRequest accessTokenRequestMessage) { var accessToken = new AuthorizationServerAccessToken() { // For this sample, we assume just one resource server. // If this authorization server needs to mint access tokens for more than one resource server, // we'd look at the request message passed to us and decide which public key to return. ResourceServerEncryptionKey = OAuthResourceServer.CreateRSA(), }; var result = new AccessTokenResult(accessToken); return(result); }
/// <summary> /// Handles the AuthenticateRequest event of the HttpApplication. /// </summary> /// <param name="sender">The source of the event.</param> /// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param> private void context_AuthenticateRequest(object sender, EventArgs e) { // Don't read OAuth messages directed at the OAuth controller or else we'll fail nonce checks. if (this.IsOAuthControllerRequest()) { return; } using (var crypto = OAuthResourceServer.CreateRSA()) { var tokenAnalyzer = new SpecialAccessTokenAnalyzer(crypto, crypto); var resourceServer = new ResourceServer(tokenAnalyzer); try { IPrincipal principal = resourceServer.GetPrincipal(new HttpRequestWrapper(this.application.Context.Request)); this.application.Context.User = principal; } catch (ProtocolFaultResponseException ex) { ex.CreateErrorResponse().Send(); } } }